ID

VAR-201910-1671


CVE

CVE-2019-0047


TITLE

Junos OS vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-010932

DESCRIPTION

A persistent Cross-Site Scripting (XSS) vulnerability in the Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.

Junos OS contains a cross-site scripting vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code. The following products and versions are affected: Juniper Networks Junos OS Release 12.1X46, Release 12.3, Release 12.3X48, Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.3, Release 18.4.

Trust: 1.71

sources: NVD: CVE-2019-0047 // JVNDB: JVNDB-2019-010932 // VULHUB: VHN-140078

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.1x46

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010932 // NVD: CVE-2019-0047

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-0047
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0047
value: HIGH

Trust: 1.0

NVD: CVE-2019-0047
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-563
value: HIGH

Trust: 0.6

VULHUB: VHN-140078
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-0047
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140078
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-0047
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2019-0047
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140078 // JVNDB: JVNDB-2019-010932 // CNNVD: CNNVD-201910-563 // NVD: CVE-2019-0047 // NVD: CVE-2019-0047

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-140078 // JVNDB: JVNDB-2019-010932 // NVD: CVE-2019-0047

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-563

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201910-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010932

PATCH

title: JSA10970, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10970&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99208

Trust: 0.6

sources: JVNDB: JVNDB-2019-010932 // CNNVD: CNNVD-201910-563

EXTERNAL IDS

db: NVD, id: CVE-2019-0047

Trust: 2.5

db: JUNIPER, id: JSA10970

Trust: 1.7

db: JVNDB, id: JVNDB-2019-010932

Trust: 0.8

db: CNNVD, id: CNNVD-201910-563

Trust: 0.7

db: VULHUB, id: VHN-140078

Trust: 0.1

sources: VULHUB: VHN-140078 // JVNDB: JVNDB-2019-010932 // CNNVD: CNNVD-201910-563 // NVD: CVE-2019-0047

REFERENCES

url: https://kb.juniper.net/jsa10970

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-0047

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0047

Trust: 0.8

url: https://vigilance.fr/vulnerability/junos-os-cross-site-scripting-via-j-web-30586

Trust: 0.6

sources: VULHUB: VHN-140078 // JVNDB: JVNDB-2019-010932 // CNNVD: CNNVD-201910-563 // NVD: CVE-2019-0047

SOURCES

db: VULHUB, id: VHN-140078
db: JVNDB, id: JVNDB-2019-010932
db: CNNVD, id: CNNVD-201910-563
db: NVD, id: CVE-2019-0047

LAST UPDATE DATE

2024-08-14T15:33:47.249000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140078, date: 2020-07-22T00:00:00
db: JVNDB, id: JVNDB-2019-010932, date: 2019-10-24T00:00:00
db: CNNVD, id: CNNVD-201910-563, date: 2020-07-23T00:00:00
db: NVD, id: CVE-2019-0047, date: 2021-02-05T16:48:54.243

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140078, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010932, date: 2019-10-24T00:00:00
db: CNNVD, id: CNNVD-201910-563, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-0047, date: 2019-10-09T20:15:16.037